Return the indexes for the EL2&0 regime when the appropriate bits
are set within HCR_EL2.
Backports commit 6003d9800ee38aa11eefb5cd64ae55abb64bef16 from qemu
Create a predicate to indicate whether the regime has
both positive and negative addresses.
Backports commit 339370b90d067345b69585ddf4b668fa01f41d67 from qemu
Prepare for, but do not yet implement, the EL2&0 regime.
This involves adding the new MMUIdx enumerators and adjusting
some of the MMUIdx related predicates to match.
Backports commit b9f6033c1a5fb7da55ed353794db8ec064f78bb2 from qemu.
Replace the magic numbers with the relevant ARM_MMU_IDX_M_* constants.
Keep the definitions short by referencing previous symbols.
Backports commit 25568316b2a7e73d68701042ba6ebdb217205e20 from qemu
Define via macro expansion, so that renumbering of the base ARMMMUIdx
symbols is automatically reflected in the bit definitions.
Backports commit 5f09a6dfbfbff4662f52cc3130a2e07044816497 from qemu
We are about to expand the number of mmuidx to 10, and so need 4 bits.
For the benefit of reading the number out of -d exec, align it to the
penultimate nibble.
Backports commit 506f149815c2168f16ade17893e117419d93f248 from qemu
We had completely run out of TBFLAG bits.
Split A- and M-profile bits into two overlapping buckets.
This results in 4 free bits.
We used to initialize all of the a32 and m32 fields in DisasContext
by assignment, in arm_tr_init_disas_context. Now we only initialize
either the a32 or m32 by assignment, because the bits overlap in
tbflags. So zero the entire structure in gen_intermediate_code.
Backports commit 79cabf1f473ca6e9fa0727f64ed9c2a84a36f0aa from qemu
This is part of a reorganization to the set of mmu_idx.
The non-secure EL2 regime only has a single stage translation;
there is no point in pointing out that the idx is for stage1.
Backports commit e013b7411339342aac8d986c5d5e329e1baee8e1 from qemu
This is part of a reorganization to the set of mmu_idx.
The EL3 regime only has a single stage translation, and
is always secure.
Backports commit 127b2b086303296289099a6fb10bbc51077f1d53 from qemu
This is part of a reorganization to the set of mmu_idx.
This emphasizes that they apply to the Secure EL1&0 regime.
Backports commit fba37aedecb82506c62a1f9e81d066b4fd04e443 from qemu
This is part of a reorganization to the set of mmu_idx.
The EL1&0 regime is the only one that uses 2-stage translation.
Spelling out Stage avoids confusion with Secure.
Backports commit 2859d7b590760283a7b5aef40b723e9dfd7c98ba from qemu
This is part of a reorganization to the set of mmu_idx.
This emphasizes that they apply to the EL1&0 regime.
The ultimate goal is
-- Non-secure regimes:
ARMMMUIdx_E10_0,
ARMMMUIdx_E20_0,
ARMMMUIdx_E10_1,
ARMMMUIdx_E2,
ARMMMUIdx_E20_2,
-- Secure regimes:
ARMMMUIdx_SE10_0,
ARMMMUIdx_SE10_1,
ARMMMUIdx_SE3,
-- Helper mmu_idx for non-secure EL1&0 stage1 and stage2
ARMMMUIdx_Stage2,
ARMMMUIdx_Stage1_E0,
ARMMMUIdx_Stage1_E1,
The 'S' prefix is reserved for "Secure". Unless otherwise specified,
each mmu_idx represents all stages of translation.
Backports commit 01b98b686460b3a0fb47125882e4f8d4268ac1b6 from qemu
At the same time, add writefn to TTBR0_EL2 and TCR_EL2.
A later patch will update any ASID therein.
Backports commit ed30da8eee6906032b38a84e4807e2142b09d8ec from qemu
Not all of the breakpoint types are supported, but those that
only examine contextidr are extended to support the new register.
Backports commit e2a1a4616c86159eb4c07659a02fff8bb25d3729 from qemu
When support for the AHP flag was added we inexplicably only freed the
new temps in one of the two legs. Move those tcg_temp_free to the same
level as the allocation to fix that leak.
Backports commit aeab8e5eb220cc5ff84b0b68b9afccc611bf0fcd from qemu
Implement emulation of GINVT instruction. As QEMU doesn't support
caches and virtualization, this implementation covers only one
instruction (GINVT - Global Invalidate TLB) among all TLB-related
MIPS instructions.
Backports commit 99029be1c2875cd857614397674bbf563ddb6f91 from qemu
WatchHi is extended by the field MemoryMapID with the GINVT instruction.
The field is accessible by MTHC0/MFHC0 in 32-bit architectures and DMTC0/
DMFC0 in 64-bit architectures.
Backports commit feafe82cc2289a31b3e3f11dc76f3539ea22d670 from qemu
This fixes a confusion in the help output. (Although, if you squint
long enough at the '-cpu help' output, you _do_ notice that
"Skylake-Client-noTSX-IBRS" is an alias of "Skylake-Client-v3";
similarly for Skylake-Server-v3.)
Without this patch:
$ qemu-system-x86 -cpu help
...
x86 Skylake-Client-v1 Intel Core Processor (Skylake)
x86 Skylake-Client-v2 Intel Core Processor (Skylake, IBRS)
x86 Skylake-Client-v3 Intel Core Processor (Skylake, IBRS)
...
x86 Skylake-Server-v1 Intel Xeon Processor (Skylake)
x86 Skylake-Server-v2 Intel Xeon Processor (Skylake, IBRS)
x86 Skylake-Server-v3 Intel Xeon Processor (Skylake, IBRS)
...
With this patch:
$ ./qemu-system-x86 -cpu help
...
x86 Skylake-Client-v1 Intel Core Processor (Skylake)
x86 Skylake-Client-v2 Intel Core Processor (Skylake, IBRS)
x86 Skylake-Client-v3 Intel Core Processor (Skylake, IBRS, no TSX)
...
x86 Skylake-Server-v1 Intel Xeon Processor (Skylake)
x86 Skylake-Server-v2 Intel Xeon Processor (Skylake, IBRS)
x86 Skylake-Server-v3 Intel Xeon Processor (Skylake, IBRS, no TSX)
Backports commit 673b0add9ea7f432f34c1c99eaa7c567012fc838 from qemu
When executing an xRET instruction, supposing xPP holds the
value y, xIE is set to xPIE; the privilege mode is changed to y;
xPIE is set to 1. But QEMU sets xPIE to 0 incorrectly.
Backports commit a37f21c27d3e2342c2080aafd4cfe7e949612428 from qemu
In the PAC computation, sbox was applied over wrong bits.
As this is a 4-bit sbox, bit index should be incremented by 4 instead of 16.
Test vector from QARMA paper (https://eprint.iacr.org/2016/444.pdf) was
used to verify one computation of the pauth_computepac() function which
uses sbox2.
Launchpad: https://bugs.launchpad.net/bugs/1859713
Backports commit de0b1bae6461f67243282555475f88b2384a1eb9 from qemu
The PMU is not optional on cortex-r5 and cortex-r5f (see
the "Features" chapter of the Technical Reference Manual).
Backports commit 90f671581ac601fcc1b840d9e9abe7e3c3e672db from qemu
A regression that was introduced, with the refactor to TranslatorOps,
drops two lines that update the PC when single-stepping is being performed.
Fixes: 11ab74b01e0a ("target/m68k: Convert to TranslatorOps")
Backports commit 322f244aaa80a5208090d41481c1c09c6face66b from qemu
During the conversion to decodetree, the setting of
ISSIs16Bit got lost. This causes the guest os to
incorrectly adjust trapping memory operations.
Backports commit 1a1fbc6cbb34c26d43d8360c66c1d21681af14a9 from qemu
The IL bit is set for 32-bit instructions, thus passing false
with the is_16bit parameter to syn_data_abort_with_iss() makes
a syn mask that always has the IL bit set.
Pass is_16bit as true to make the initial syn mask have IL=0,
so that the final IL value comes from or'ing template_syn.
Cc: qemu-stable@nongnu.org
Fixes: aaa1f954d4ca ("target-arm: A64: Create Instruction Syndromes for Data Aborts")
Backports commit 30d544839e278dc76017b9a42990c41e84a34377 from qemu
The wfi instruction can be configured to be trapped by a higher exception
level, such as the EL2 hypervisor. When the instruction is trapped, the
program counter should contain the address of the wfi instruction that
caused the exception. The program counter is adjusted for this in the wfi op
helper function.
However, this correction is done to env->pc, which only applies to AArch64
mode. For AArch32, the program counter is stored in env->regs[15]. This
adds an if-else statement to modify the correct program counter location
based on the the current CPU mode.
Backports commit 855532912b0e1bf803ae393e5b0c7e80948cd6a4 from qemu
The SPSR register is named within the Unicorn headers, but the code
to access it is absent. This means that it will always read as 0 and
ignore writes. This makes it harder to work with changes in processor
mode, as the usual way to return from a CPU exception is a
`MOVS pc, lr` for undefined instructions or `SUBS pc, lr, #4`
for most other aborts - which implicitly restores the CPSR from SPSR.
This change adds the access to the SPSR so that it can be read and
written as the caller might expect.
Backports commit 99097cab4c39fb3fc50eea8f0006954f62a149b2 from unicorn.
Under some circumstances, the PC is not fixed up properly when
returning from the execution of a block in cpu_tb_exec. This appears
to be caused by the resetting of the PC from the tb.
This change removes the additional fixup in the cases where there
is code tracing or timing active. Either of these cases would result
in the wrong PC being reported.
Closes unicorn-engine#1105.
Backports commit b59632fb645d456338472e3d757c065c0ed74ad5 from unicorn
* Implement timeout state and new error for such case
* Adjust test_i386_loop sample
* Adjust test_i386_loop test
Backports commit 3a3bc0c22de5453335dfb597a95dbda07c9f47a2 from unicorn
Calling emu_stop and causing the pc value to be incorrect after the end of the run. (#1157)
Backports commit 83887b8193dfeca3e5e8da851b41f874bcd0514e from unicorn.
* fix a mem-leak.
* check the uc and l1_map before using them.
* fix multi-level free bug.
* Add pointer check.
Backports commit 79d89e5d3b83c6ee5d523738bc488d1e44b06f6a from unicorn.
* first draft for an invalid instruction hook
* Fixed documentation on return value of invalid insn hook
Backports commit 07f94ad1fc62293cac330df9714d739be6354926 from unicorn
